IDS mailing list archives
Re: Firewalls (was Re: IDS evaluations procedures)
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 26 Jul 2005 01:01:22 +0530
On 22/07/05 14:32 -0700, Swift, David wrote:
> Right up front, I'll admit I work for a vendor, but...
> 1. There are a growing number of Intrusion Detection/Intrusion Prevention Systems that have integrated firewall.
> 2. IPS is a significant step in the right direction, and does things a firewall can't. If you have doubts, try using Firewalker to pinpoint

Only if your "firewall" is a pure packet filter. Why not improve the IPS to disallow all traffic except that which is found to be legitimate? The subset of all traffic which is legitimate is far smaller and deterministic. And then you might as well terminate the connection right there and build a wholly new one which is known to be good. And then market it as a proxy?

<snip>

> Oh, and by the way while you have the data payload open for inspection, why not apply intelligent rules to look for MalWare in the payload? Then toss the bad payload packets away with everything else you've already filtered with the firewall rules.

I repeat: everything which is not known good is bad. Any security policy which attempts to enforce otherwise is broken. Oh well, history repeats itself.

Devdas Bhagat